How to protect your naked photos
Firstly, I never thought I’d be writing a post with a title like this. And yet, here I am.
Recently, news broke that a large number of (female) celebrities have had online accounts hacked and naked pictures they had taken were stolen and posted on-line. Some of the big names include Jennifer Lawrence, Kate Upton, Mary Elizabeth Winsteac, Kirsten Dunst, Kim Kardashian and Rhianna.
I’m including those names for two reasons. Firstly, it’s a current events story so it’s worth putting this blog post in context. Secondly, my intention is that if someone is googling in search of those images, this blog post may come up higher in the search rankings and confound them.
The legalities & morality surrounding sharing the photos are really quite simple. Humans have been creating artworks of the naked human form since we first learned to draw.
Like any personal or sexual act, what people like to do in their own bedrooms and private lives is really their own business, with one caveat: provided it takes place between to adults with full knowledge & consent.
If a person engages in a sexual act without the consent of another, that’s rape and it’s a crime in pretty much every civilized society.
It’s not that hard to see intimate photos such as the ones leaked (I presume – I haven’t seen them and have no intent to do so) through the same lens, as it were. If someone takes their own photo, that’s OK. If they choose to share that photo with another adult, with a general agreement of confidentiality, that’s OK as well.
If a person shares that without consent, that’s a crime.
If they publish a photo – any photo, actually – without the photographers consent, that’s also a crime. A different one, actually. But copyright abuse is also a crime.
If a person deliberately breaks through an electronic lock or safeguard to access private data, that to is a crime.
Sharing, or seeking out the leaked photos, perpetuates the crime, because it sends a message that condones the actions.
So, since this is an IT blog. If you are minded to take intimate photos of yourself, how should you protect them?
Taking the images
Firstly, there’s a simple option. Go old school and use an analog file camera. Provided you use one of the Polaroid or instant developing types, or you have a photo lab you know and trust, you should be fine. Just don’t let the photos or negatives near a scanner.
If you’re minded to go digital, the key is to keep the images under your own control as much as possible. So, use a digital camera with a memory card that doesn’t have a direct internet link. If you *must* use an iPhone, Android or other smart phone, disable cloud synchronization for your photos. Also disable GPS tagging of images.
Processing the images
Once you’ve downloaded them to your computer, delete them from the memory card or phone. If you used a phone, there are a number of utilities available to wipe the deleted/empty space on your phone. Use them. If you used a memory card, reformat the card, take a bunch of random, disposable photos, then format it a second time.
Now that the images are on your computer, there are a few important steps you can take to safeguard them there.
This is the time to blur/airbrush out any parts of the photo you may wish to – such as your surroundings, your face or other body parts, any identifying birthmarks or tattoos, and any other people in the image (including photos on walls or reflected in mirrors or shiny surfaces.) Once these are done, save the files and delete the original files.
It’s most important to keep the images under your control. Don’t store them in any cloud service, including iCloud, DropBox, Google Drive or anything service such as these. Don’t forget to consider your backups, too. Whilst I normally encourage people to back up their systems, if it’s backed up in the cloud, it can be accessed and restored from the cloud.
Encrypting your computer’s hard disk with something like TrueCrypt (now defunct, but it’s still around), PGP or Apple FileVault or Microsoft BitLocker is a good idea. They will help you if your computer is lost or stolen. But they won’t protect you if a virus or other malware gets into your computer whilst it’s running.
The simplest solution is to store your images on a removable disk, such as a USB drive. Certainly encrypt that as well, but remove the disk when you’re not using it, and store it securely under lock & key. A lockable desk drawer, strong box or something similar is ideal, provided you are the only person that has a key.
If your images were at any time stored on your computer’s main hard disk, make sure the files are deleted securely (use PGP Shred or SDELETE on Windows, on a Mac delete the file then Command-Right click on the Trash Can and choose Secure Empty Trash)
If you decide you no longer want to keep the images, destroy the files as above and/or physically destroy the drive. An angle grinder works effectively. Seriously, do this.
You should also consider adding a copyright and watermark to the images. Not a small watermark in the corner, but in big text diagonally across the image. Doing so makes it easier to assert copyright later on, and less desirable for others to republish/share the image.
Sharing the images
If you’re minded to share your images with someone special, firstly: make sure you 100% trust that person. Once the images leave your control, there’s the risk that they might share them, or leave them in an insecure location. So, make sure you know and trust them, and that they agree to the ground rules on what they can & cannot do. Show them this blog post.
You may want to extract a promise that they delete them after a certain period of time. It’s harder to enforce, but we already covered the trust factor, didn’t we?
Consider including the recipient’s name and the basis on which it was shared in the watermark and copyright. It may make them think twice about sharing it, and if it leaks out you’ll know who it was. If you share the image with multiple people, create a new copy with a different watermark each time.
Ideally, transfer the images via password protected USB stick in person. If you are in a reasonably secure/quiet location where electronic eavesdropping is unlikely, transferring over Bluetooth or AirDrop may be an option, but not a recommended one.
If you absolutely must transfer electronically, use email encrypted with GnuPG or PGP. (Password protected ZIP files are definitely not secure, by the way. Nor is embedding the images in a password protected Word document.)
Unless you’re intending to publish your images to the world (if you are, that’s a different matter with different laws and guidelines), don’t use any online image sharing or cloud hosted service. I have yet to encounter a single one that could not be compromised by a determined hacker or social engineer.
Detecting a problem
Whilst prevention is far better than cure, there is always a risk that one or more of your images may leak out.
Every so often, you should reach out to anyone you’ve shared the images with and ensure they are still secure, and ask them do securely delete them (and all backups) if they no longer should hold copies.
You should also occasionally run your images against Google Image Search, to ensure the image hasn’t been uploaded somewhere online.
Since the only thing worse than having an intimate image circulated without your consent is being identified by it, you should also consider setting up Google Alerts for your name, phone number and all internet aliases and email addresses you use. This should ensure you are notified within a day or two of your identity being mentioned online (provided Google is indexing that site.)
It’s important to remember that the women whose images were stolen are in no way to blame for being hacked or having their images posted and re-posted online. There’s no doubt that this was a crime and they are innocent victims of it. However, the safeguards discussed in this article are virtually identical to the advice that would be given about protecting any other type of data file or personal information. Secure the collection and processing of the data as best you can, limit the number of parties with access, and (as much as possible) check the integrity of the people you share and store it with.